Vulnerability Management Analyst

About The Position

Requirements

• Minimum of 5+ years of experience with a BS/BA, 3+ years with a MS/MS, or a PhD in Cybersecurity, IT, Computer Science, or related discipline
• 3+ years of experience in vulnerability management, cybersecurity operations, or IT security.
• Working knowledge of vulnerability scanning tools (Tenable, Prisma Cloud Compute, etc.) and security information platforms.
• Understanding of NIST RMF, FISMA, and federal security policies.
• Experience analyzing CVEs, CVSS scoring, and vulnerability exploitability.
• Strong analytical, communication, and documentation skills.
• Ability to obtain and maintain the required FAA clearance.
• US Citizenship with the ability to obtain/maintain an FAA Public Trust
• Candidates must be local and able to work on-site out of our Herndon/Chantilly, VA or Bowie, MD locations
• Position may require occasional travel to other Peraton or Customer sites in the National Capital Region

Nice To Haves

• Certifications such as Security+, CySA+, CEH, GSEC, GCIH, or similar
• Experience with POA&M management, RMF packages, or continuous monitoring activities
• Knowledge of configuration management and patch management processes

Responsibilities

• Perform continuous vulnerability scanning across servers, endpoints, networks, cloud platforms, and applications
• Analyze scan results to identify threats, misconfigurations, and weaknesses across environments
• Analyze scan results to validate true positives, categorize vulnerability types, and assess potential impact
• Correlate findings with threat intelligence to identify exploitation likelihood and risk severity
• Maintain awareness of emerging vulnerabilities (e.g., CISA KEVs, zero‑days, vendor advisories) and evaluate relevance to environments
• Validate findings, assess severity and risk impact, and distinguish false positives from actionable vulnerabilities
• Provide regular updates to cybersecurity leadership regarding high‑risk or overdue vulnerabilities requiring escalation
• Support governance reporting requirements, including inputs for executive briefings, performance reviews, and continuous monitoring submissions
• Ensure risk decisions, remediation plans, and exceptions are documented, approved, and tracked in accordance with NIST 800‑53 control requirements
• support creation of dashboards, metrics, and trend analyses to measure vulnerability remediation performance
• Prepare detailed vulnerability and risk reports for stakeholders, ISSOs, SOC teams, and system owners
• Prioritize vulnerabilities based on environment risk models, mission impact, threat intelligence, and criticality of affected assets
• Collaborate with system owners, network engineers, developers, and operations teams to drive timely remediation of findings
• Track remediation efforts, document mitigation strategies, and verify closure of vulnerabilities
• Provide technical recommendations to reduce exposure and strengthen system defenses
• Support adherence to federal cybersecurity frameworks including NIST 800-53, NIST CSF, FISMA, TIC, and information security policies
• Assist with POA&M (Plan of Action & Milestones) documentation, updates, and lifecycle management
• Participate in ATO (Authorization to Operate) and continuous monitoring activities within the RMF process
• Contribute to development and refinement of vulnerability management procedures, SOPs, and scanning schedules
• Stay current with emerging threats, CVEs, and security advisories relevant to aviation and federal agencies
• Support incident response teams by providing vulnerability insights that inform threat analysis and containment